Aliyun STS SDK for Python

3.1.3 verified Fri May 01 auth: no python

The official Alibaba Cloud (Aliyun) STS (Security Token Service) SDK for Python. Version 3.1.3. Allows obtaining temporary security credentials (access keys) for accessing Alibaba Cloud resources. Release cadence is low, typically updated alongside the core SDK.

pip install aliyun-python-sdk-sts

Common errors

error ImportError: No module named 'aliyunsdkcore' ↓

cause Missing dependency aliyun-python-sdk-core.

fix

Run: pip install aliyun-python-sdk-core

error AttributeError: module 'aliyunsdksts' has no attribute 'request' ↓

cause Wrong import statement; trying to import the module instead of the request class.

fix

Use: from aliyunsdksts.request.v20150401 import AssumeRoleRequest

error aliyunsdkcore.exception.ServerException: HTTP Status: 404 Error: InvalidParameter.RoleArn ↓

cause RoleArn parameter is missing or incorrectly formatted.

fix

Ensure RoleArn is set with the correct format: acs:ram::<account-id>:role/<role-name>

Warnings

breaking In version 3.x, the base SDK was restructured. All request classes are now in aliyunsdk<service>.request. Do not use the old AliyunApiClient pattern. ↓

fix Use AcsClient from aliyunsdkcore.client and request classes from aliyunsdksts.request

gotcha The STS SDK does not install the core SDK automatically. If you only install aliyun-python-sdk-sts, you will get ImportError for AcsClient. ↓

fix Install both: pip install aliyun-python-sdk-core aliyun-python-sdk-sts

deprecated The older method client.do_action(request) (without _with_exception) is deprecated; it returns raw bytes without error handling. ↓

fix Use client.do_action_with_exception(request) which returns a string.

Imports

StsRequest

wrong

import sts

correct

from aliyunsdksts.request.v20150401 import AssumeRoleRequest

Wrong import; the SDK uses the full request class.

StsClient

wrong

from aliyunsdksts.client import AcsClient

correct

from aliyunsdkcore.client import AcsClient

The client is from aliyunsdkcore, not from the sts package.

Quickstart

Assume a role using STS to get temporary credentials.

from aliyunsdkcore.client import AcsClient
from aliyunsdksts.request.v20150401 import AssumeRoleRequest
import json

client = AcsClient(
    os.environ.get('ALIBABA_CLOUD_ACCESS_KEY_ID', ''),
    os.environ.get('ALIBABA_CLOUD_ACCESS_KEY_SECRET', ''),
    'cn-hangzhou'
)

request = AssumeRoleRequest()
request.set_RoleArn('acs:ram::1234567890:role/ecsbackup')
request.set_RoleSessionName('session-test')
response = client.do_action_with_exception(request)
print(json.loads(response))